CVE-2024-26256

HIGH

Libarchive < 3.7.4 - Out-of-Bounds Write

Title source: rule

STIX 2.1

Description

Libarchive Remote Code Execution Vulnerability

References (9)

Core 9

Core References

Mailing List

http://www.openwall.com/lists/oss-security/2024/06/04/2

Mailing List

http://www.openwall.com/lists/oss-security/2024/06/05/1

Patch

https://github.com/LeSuisse/nixpkgs/commit/81b82a2934521dffef76f7ca305d8d4e22fe7262

View Patch ZIP pw:eip

Patch

https://github.com/libarchive/libarchive/commit/eb7939b24a681a04648a59cdebd386b1e9dc9237.patch

Release Notes

https://github.com/libarchive/libarchive/releases/tag/v3.7.4

Mailing List

https://lists.fedoraproject.org/archives/list/[email protected]/message/EWANFZ6NEMXFCALXWI2AFKYBOLONAVFC/

Mailing List

https://lists.fedoraproject.org/archives/list/[email protected]/message/TWAMR5TY47UKVYMWQXB34CWSBNTRYMBV/

Mailing List

https://www.openwall.com/lists/oss-security/2024/06/04/2

Third Party Advisory vendor-advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26256

Scores

CVSS v3 7.8

EPSS 0.3876

EPSS Percentile 97.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-122 CWE-787

Status published

Products (6)

fedoraproject/fedora 39

fedoraproject/fedora 40

libarchive/libarchive < 3.7.4

microsoft/windows_11_22h2 < 10.0.22621.3447

microsoft/windows_11_23h2 < 10.0.22631.3447

microsoft/windows_server_2022_23h2 < 10.0.25398.830

Published Apr 09, 2024

Tracked Since Feb 18, 2026